New function mbedtls_rsa_get_bitlen()

Document, implement and test mbedtls_rsa_get_bitlen(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-01 10:06:53 +03:00 · 2024-02-01 22:17:44 +01:00
parent c3d17cde46
commit 19f1adfc69
5 changed files with 165 additions and 29 deletions
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@ -183,7 +183,8 @@ void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
    TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);

@ -221,7 +222,8 @@ void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
    TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);

    TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
@ -262,7 +264,8 @@ void rsa_pkcs1_sign_raw(data_t *hash_result,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
    TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);

@ -305,7 +308,8 @@ void rsa_pkcs1_verify_raw(data_t *hash_result,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);


@ -341,7 +345,8 @@ void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);


@ -382,7 +387,8 @@ void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);


@ -432,7 +438,8 @@ void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
    TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);

    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
    TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);

@ -477,8 +484,9 @@ void mbedtls_rsa_public(data_t *message_str, int mod,
    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);

    /* Check test data consistency */
-    TEST_ASSERT(message_str->len == (size_t) (mod / 8));
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);

    TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
@ -537,8 +545,9 @@ void mbedtls_rsa_private(data_t *message_str, int mod,
    TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);

    /* Check test data consistency */
-    TEST_ASSERT(message_str->len == (size_t) (mod / 8));
-    TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
+    TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
+    TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
    TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
    TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);

@ -851,6 +860,7 @@ void mbedtls_rsa_import(char *input_N,
                        char *input_Q,
                        char *input_D,
                        char *input_E,
+                        int bitlen,
                        int successive,
                        int is_priv,
                        int res_check,
@ -936,6 +946,9 @@ void mbedtls_rsa_import(char *input_N,
    /* On expected success, perform some public and private
     * key operations to check if the key is working properly. */
    if (res_complete == 0) {
+        TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen);
+        TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8);
+
        if (is_priv) {
            TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
        } else {